| | | | | | | | |
|
| | Log Name | Event Type | Category | Generated On | User | Source | Description
|
| | Application | Warning | None | 2019-08-07 17:18:49 | SYSTEM | Microsoft-Windows-User Profiles Service | 1534: Profile notification of event Load for component {44BAF61B-E481-4305-9166-33B1FD3F4876} failed, error code is See Tracelogging for error details.
|
| | Application | Error | None | 2019-08-07 17:20:07 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0xC004E028 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
|
| | Application | Error | None | 2019-08-07 17:20:07 | | Software Protection Platform Service | 8200: License acquisition failure details. hr=0xC004C003
|
| | Application | Error | None | 2019-08-07 17:20:07 | | Software Protection Platform Service | 1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c
|
| | Application | Error | None | 2019-08-07 17:20:09 | | Software Protection Platform Service | 8200: License acquisition failure details. hr=0xC004C003
|
| | Application | Error | None | 2019-08-07 17:20:09 | | Software Protection Platform Service | 1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c
|
| | Application | Error | None | 2019-08-07 17:20:10 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Application | Error | None | 2019-08-07 17:54:06 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0xC004E028 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
|
| | Application | Error | None | 2019-08-07 17:54:07 | | Software Protection Platform Service | 8200: License acquisition failure details. hr=0xC004C003
|
| | Application | Error | None | 2019-08-07 17:54:07 | | Software Protection Platform Service | 1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c
|
| | Application | Error | None | 2019-08-07 17:54:08 | | Software Protection Platform Service | 8200: License acquisition failure details. hr=0xC004C003
|
| | Application | Error | None | 2019-08-07 17:54:08 | | Software Protection Platform Service | 1014: Acquisition of End User License failed. hr=0xC004C003 Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c
|
| | Application | Error | None | 2019-08-07 17:54:09 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0xC004C003 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Application | Error | None | 2019-08-07 18:36:36 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0xC004F025 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
|
| | Application | Error | None | 2019-08-07 18:36:37 | | Software Protection Platform Service | 8198: License Activation (slui.exe) failed with the following error code: hr=0xC004F025 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
|
| | Security | Audit Success | 12288 | 2019-08-07 17:14:40 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x7b0 Name: C:\Windows\System32\svchost.exe Previous Time: 2019-08-07T22:48:36.672386400Z New Time: 2019-08-07T14:14:40.765772700Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12288 | 2019-08-07 17:14:40 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x7b0 Name: C:\Windows\System32\svchost.exe Previous Time: 2019-08-07T14:14:40.765772700Z New Time: 2019-08-07T14:14:40.767645000Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 12290 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 748 Process Creation Time: 2019-08-07T14:14:43.189061600Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b932c13161e74f194d629b75902e64fc_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 748 Process Creation Time: 2019-08-07T14:14:43.189061600Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b932c13161e74f194d629b75902e64fc_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 748 Process Creation Time: 2019-08-07T14:14:43.189061600Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:14:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:14:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:14:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2019-08-07 17:14:48 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:14:48 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 748 Process Creation Time: 2019-08-07T14:14:43.189061600Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b932c13161e74f194d629b75902e64fc_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 13824 | 2019-08-07 17:14:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:14:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:14:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:14:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12290 | 2019-08-07 17:14:49 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:14:49 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 748 Process Creation Time: 2019-08-07T14:14:43.189061600Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b932c13161e74f194d629b75902e64fc_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2019-08-07 17:14:50 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:14:50 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 748 Process Creation Time: 2019-08-07T14:14:43.189061600Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b932c13161e74f194d629b75902e64fc_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 17:15:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:15:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:15:08 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:15:08 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:15:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:15:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:15:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:15:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:15:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:15:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:15:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:15:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:15:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:15:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:57 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:58 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:16:59 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:07 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:07 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:10 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:10 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: defaultuser0 Account Domain: DESKTOP-I4VK9ON Logon ID: 0x4779e Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-I4VK9ON Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: defaultuser0 Account Domain: DESKTOP-I4VK9ON Logon ID: 0x4779e Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x21e61d Linked Logon ID: 0x21e63a Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe Network Information: Workstation Name: WIN-NN53LCGB4N7 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: OOBE Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: defaultuser0 Account Domain: DESKTOP-I4VK9ON Logon ID: 0x4779e Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x21e63a Linked Logon ID: 0x21e61d Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe Network Information: Workstation Name: WIN-NN53LCGB4N7 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: OOBE Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x21e61d Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4720: A user account was created. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x15 User Account Control: %%2080 %%2082 %%2084 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges -
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4722: A user account was enabled. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: %%1794 Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x15 New UAC Value: 0x14 User Account Control: %%2048 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 8/7/2019 7:18:23 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x14 User Account Control: - User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Changed Attributes: SAM Account Name: user Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 8/7/2019 7:18:23 AM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x14 New UAC Value: 0x214 User Account Control: %%2089 User Parameters: - SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4724: An attempt was made to reset an account's password. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4728: A member was added to a security-enabled global group. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: - Group: Security ID: S-1-5-21-1667190791-3301118636-2800670287-513 Group Name: None Group Domain: DESKTOP-I4VK9ON Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4732: A member was added to a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: - Expiration time: (null)
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x1054 Process Name: C:\Windows\System32\CloudExperienceHostBroker.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:23 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x4d0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x3b0 Process Information: Process ID: 0x1868 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x2dc Process Information: Process ID: 0x1868 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x3e4 Process Information: Process ID: 0x1868 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms Handle ID: 0x454 Process Information: Process ID: 0x1868 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_facedriver_1cf62c11bac4d1af.cdf-ms Handle ID: 0x418 Process Information: Process ID: 0x1868 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_facedriver_amd64_a24e7f3c1523e31d.cdf-ms Handle ID: 0x2dc Process Information: Process ID: 0x1868 Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:25 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x344 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:48 | | Microsoft-Windows-Security-Auditing | 4725: A user account was disabled. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: defaultuser0 Account Domain: DESKTOP-I4VK9ON
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:48 | | Microsoft-Windows-Security-Auditing | 4738: A user account was changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: defaultuser0 Account Domain: DESKTOP-I4VK9ON Changed Attributes: SAM Account Name: defaultuser0 Display Name: %%1793 User Principal Name: - Home Directory: %%1793 Home Drive: %%1793 Script Path: %%1793 Profile Path: %%1793 User Workstations: %%1793 Password Last Set: 8/7/2019 3:23:53 PM Account Expires: %%1794 Primary Group ID: 513 AllowedToDelegateTo: - Old UAC Value: 0x214 New UAC Value: 0x211 User Account Control: %%2080 %%2050 User Parameters: %%1793 SID History: - Logon Hours: %%1797 Additional Information: Privileges: -
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:18:48 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:48 | | Microsoft-Windows-Security-Auditing | 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Member: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: - Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Additional Information: Privileges: -
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-2 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-2 Account Name: UMFD-2 Account Domain: Font Driver Host Logon ID: 0x233d46 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-2 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x8c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x234133 Linked Logon ID: 0x234144 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x234144 Linked Logon ID: 0x234133 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x8c8 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-I4VK9ON Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0xa88 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d3f Linked Logon ID: 0x235d5c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa88 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-NN53LCGB4N7 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Linked Logon ID: 0x235d3f Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0xa88 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-NN53LCGB4N7 Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x21e63a Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x21e61d Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: defaultuser0 Account Domain: DESKTOP-I4VK9ON Logon ID: 0x4779e This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0x7c1a Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x234133 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-2 Account Name: DWM-2 Account Domain: Window Manager Logon ID: 0x234144 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d3f Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 17:18:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x4d0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:18:50 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xcb81 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:18:50 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0xcb4a Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2019-08-07 17:18:51 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: RSA Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:18:51 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process Information: Process ID: 748 Process Creation Time: 2019-08-07T14:14:43.189061600Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: 1bb3b418-72c1-8e57-6392-4f7c4ced90a4 Key Type: %%2500 Key File Operation Information: File Path: C:\ProgramData\Microsoft\Crypto\SystemKeys\b932c13161e74f194d629b75902e64fc_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 17:18:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:18:52 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Failure | 12290 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Failure | 12290 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x80090016
|
| | Security | Audit Success | 12290 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2481 Return Code: 0x0
|
| | Security | Audit Success | 12290 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Process Information: Process ID: 5336 Process Creation Time: 2019-08-07T14:18:49.934037100Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2459 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Process Information: Process ID: 5336 Process Creation Time: 2019-08-07T14:18:49.934037100Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Process Information: Process ID: 5336 Process Creation Time: 2019-08-07T14:18:49.934037100Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Process Information: Process ID: 5336 Process Creation Time: 2019-08-07T14:18:49.934037100Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:18:54 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Process Information: Process ID: 5336 Process Creation Time: 2019-08-07T14:18:49.934037100Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 17:19:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:19:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:19:45 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:19:45 | | Microsoft-Windows-Security-Auditing | 5381: Vault credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c This event occurs when a user enumerates stored vault credentials.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:20:03 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:20:03 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:20:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:20:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 17:20:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2214 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:20:18 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2214 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:07 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:22:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:22:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:22:32 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:22:32 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8099 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:43 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:22:45 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:30:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:30:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:33:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:33:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:33:41 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:33:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:33:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:33:42 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:33:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:33:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:33:45 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:33:45 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:33:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:33:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:34:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:34:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:34:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:34:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:34:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:34:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:34:34 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:34:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:34:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:47 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 4726: A user account was deleted. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d3f Target Account: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: defaultuser0 Account Domain: DESKTOP-I4VK9ON Additional Information: Privileges -
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 4733: A member was removed from a security-enabled local group. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d3f Member: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: - Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 4729: A member was removed from a security-enabled global group. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d3f Member: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1000 Account Name: - Group: Security ID: S-1-5-21-1667190791-3301118636-2800670287-513 Group Name: None Group Domain: DESKTOP-I4VK9ON Additional Information: Privileges: -
|
| | Security | Audit Success | 13826 | 2019-08-07 17:35:49 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d3f Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x4d0 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:36:44 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x2250 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 17:37:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:37:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:37:36 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:37:36 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 17:37:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x102c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:37:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x102c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 17:37:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:37:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:37:38 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:37:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:37:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:37:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:37:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:38:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:38:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:38:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:38:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:38:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:38:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:38:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:38:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:38:20 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:45:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:45:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:53:24 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x235d5c This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x24c Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mcupdate_GenuineIntel.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_macromed_flash_853cbcf10f17f618.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_macromed_flash_5ff3bc7496f0271e.cdf-ms Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\activex.vch Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\Flash.ocx Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\activex.vch Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil_ActiveX.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil_ActiveX.exe Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_083d4e330e766c5d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_46321ba736a30085.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_647a02df72a14032.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_wpf_en-us_0242687c673a608c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework64_v4.0.30319_nativeimages_ae465c5139d1dacc.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_c40c7a995ddd757b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_bc1339ef8efa3c4c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_wpf_en-us_dc5fd125966afabc.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_microsoft.net_framework_v4.0.30319_nativeimages_7f83bd6ed8241f3a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Services.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll Handle ID: 0x74 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Internals.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Activities.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.ComponentModel.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework-SystemData.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Aspnet_perf.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\compatjit.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\peverify.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceMonikerSupport.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.IdentityModel.Services.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Channels.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Discovery.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Internals.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.WasHosting.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.Extensions.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Activities.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.ComponentModel.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Workflow.Runtime.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xaml.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NativeImages\mscorlib.ni.dll Handle ID: 0x70 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC2_v0400.dll Handle ID: 0x64 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC_v0400.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework-SystemData.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationHost_v0400.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll Handle ID: 0x68 Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Controls.Ribbon.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClient.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationClientsideProviders.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationProvider.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationTypes.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: WIN-NN53LCGB4N7$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\en-US\PresentationHost_v0400.dll.mui Handle ID: 0x6c Process Information: Process ID: 0x1688 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 103 | 2019-08-07 17:53:31 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 12288 | 2019-08-07 17:53:31 | | Microsoft-Windows-Security-Auditing | 4616: The system time was changed. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 0x7b0 Name: C:\Windows\System32\svchost.exe Previous Time: 2019-08-07T14:53:31.907941500Z New Time: 2019-08-07T14:53:31.913402500Z This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:48 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x58 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:48 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0x58 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:48 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x124 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2019-08-07 17:53:48 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:49 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x13c New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x124 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:51 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c0 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x124 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1f4 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1c0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x240 New Process Name: ??????????????-??6??4????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x124 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x248 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1c0 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x250 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x240 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2a4 New Process Name: ????????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x240 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2c4 New Process Name: ????????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 17:53:52 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2dc New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x248 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xb434 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x248 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xb444 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10714 Linked Logon ID: 0x1073b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1073b Linked Logon ID: 0x10714 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x10714 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1073b Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:53 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xb280
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xb3c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:55 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xb3c Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2019-08-07 17:53:56 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xb34 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:56 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xb34 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x7c8 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x7d4 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x7d0 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_advancedinstallers_0c6bb4866bff02f7.cdf-ms Handle ID: 0x67c Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x6b4 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_advancedinstallers_dfe2cf200b391371.cdf-ms Handle ID: 0x684 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_fc2045b9046cc796.cdf-ms Handle ID: 0x67c Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_version_10.0.17763.611_95887dbcfaa886ed.cdf-ms Handle ID: 0x7c8 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_sqm_51d9d5f9de5a2fa5.cdf-ms Handle ID: 0x6b4 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_sessions_5591aee9e2456a35.cdf-ms Handle ID: 0x684 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_servicing_packages_46c20bc5f833cc43.cdf-ms Handle ID: 0x6b8 Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 17:53:57 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_logs_cbs_10a752bcbbaee88b.cdf-ms Handle ID: 0x64c Process Information: Process ID: 0x74c Process Name: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.164_none_7e114a3d4d0589d4\TiWorker.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-I4VK9ON Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3caa4 Linked Logon ID: 0x3cac6 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Linked Logon ID: 0x3caa4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3caa4 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x418 Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:53:58 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x540 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12290 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4456 Process Creation Time: 2019-08-07T14:53:58.979017000Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4456 Process Creation Time: 2019-08-07T14:53:58.979017000Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:53:59 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x20c Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:00 | | Microsoft-Windows-Security-Auditing | 5382: Vault credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 This event occurs when a user reads a stored vault credential.
|
| | Security | Audit Success | 13826 | 2019-08-07 17:54:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x125c Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:54:00 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x125c Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:15 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:16 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:16 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:16 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:17 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 17:54:18 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:44 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:44 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:54:47 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:54:47 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2019-08-07 17:55:03 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:55:03 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Process Information: Process ID: 3888 Process Creation Time: 2019-08-07T14:53:58.421775500Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 17:55:03 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 Process Information: Process ID: 3888 Process Creation Time: 2019-08-07T14:53:58.421775500Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 17:55:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:55:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:55:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:55:56 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:55:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:55:56 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:19 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-I4VK9ON Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0xe161c Linked Logon ID: 0xe163b Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0xe163b Linked Logon ID: 0xe161c Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4c4 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:57:19 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0xe163b Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2019-08-07 17:57:19 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0xe161c Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0xe161c Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:21 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:21 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 17:57:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1554 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 17:57:24 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1554 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:25 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:25 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 17:57:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 17:57:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:00:54 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:00:54 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:02:31 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xccc Process Name: C:\Windows\System32\VSSVC.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 18:04:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:04:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:04:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:04:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:06:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:06:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:06:02 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:06:02 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:06:04 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:06:04 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:08:58 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:14:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:14:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:15:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:15:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:21:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:21:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:35:00 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:35:00 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:35:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:35:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:35:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:35:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2c4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2019-08-07 18:35:14 | | Microsoft-Windows-Security-Auditing | 4647: User initiated logoff: Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x3cac6 This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:35:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:35:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgfw.efi Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\bootmgr.efi Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\EFI\memtest.efi Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\Misc\PCAT\bootspaces.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootmgr Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootuwf.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\bootvhd.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\memtest.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\errata.inf Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\wfplwfs.inf Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVClient.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BFE.DLL Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ci.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hal.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IKEEXT.DLL Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iphlpsvc.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KerbClientShared.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lsasrv.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssecuser.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntdll.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NtlmShared.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntoskrnl.exe Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\securekernel.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\skci.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smss.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sxssrv.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tcblaunch.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tcbloader.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.efi Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winload.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.efi Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winresume.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.efi Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winresume.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\afd.sys Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\AppvVemgr.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\bridge.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cdfs.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\clfs.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cng.sys Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dam.sys Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dumpfve.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgkrnl.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms1.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\dxgmms2.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\exfat.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fastfat.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fltMgr.sys Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\fvevol.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\FWPKCLNT.SYS Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ks.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ksecpkg.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\luafv.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxdav.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mrxsmb20.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msfs.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\msrpc.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mssecflt.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ndis.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\netbt.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\netio.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\npfs.sys Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ntfs.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\pdc.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rdbss.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\refs.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\refsv1.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\storport.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\tcpip.sys Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\udfs.sys Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wfplwfs.sys Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WindowsTrustedRT.sys Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\winnat.sys Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WppRecorder.sys Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\MupMigPlugin.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KerbClientShared.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntdll.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NtlmShared.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\_0000000000000000.cdf-ms Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_waas_401032e7a18c2040.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_waas_services_ddfc4ae175ff1678.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_3f582555a4c8be22.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_08335f148b847d02.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_system_e29eb58bafd8a559.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_vss_writers_application_85e0c568acb2deec.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_textinput_fb44238906e335d1.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_tasks_4010304fa1e03ae2.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_21ffbdd2a2dd92e0.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_zh-tw_c63f42c23bbd5b2a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_zh-cn_c63f31ac3bbd74ba.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_19ae85881f1c4f2d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_b001352a7f7811a4.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_provisioning_a90c2174ca14f6c9.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netswitchteam_11ad3eda0a2aa874.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netlbfo_80fc9ece463f45fa.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_netconnection_0c47da6c3ce4e77d.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_configci_10d2a1a7f9d9bb92.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_windowspowershell_v1.0_modules_branchcache_dbfd5dc74f864408.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_uk-ua_bcbec29049fe1bc7.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tr-tr_bad86a404cd7a0fb.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_th-th_bad858ac4cd7ba4b.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_bad86ed64cd79762.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_200b1d7e84f3818e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_4e7d28a223eef37f.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_taskscheduler_4346cbc4150b5b5f.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_tasks_microsoft_windows_remoteapp_and_desktop_connections_update_537d8a8a24b3a619.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sv-se_b8f1d9684fb17aaa.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sru_1bf25359a7665016.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sr-latn-rs_f675dc9d3d7875cf.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_skus_csvlk-pack_a04c4b36b1c86210.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_ppdlic_ee939189101570f7.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_spp_tokens_pkeyconfig_b2fdf59e46c165ae.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_voiceactivation_64af56b9bf516892.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_engines_tts_3ffb0757669d4b88.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_onecore_common_3ac1627a1b848769.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_speech_engines_sr_d5815721f6360684.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sl-si_b8f1e2684fb16c1c.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_sk-sk_b8f1e6584fb16619.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ru-ru_b70b8052528b002f.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ro-ro_b70b75c6528b0f5f.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_pt-pt_b33e8f5c583e6983.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_pt-br_b33e8b90583e6f27.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_pl-pl_b33e814c583e7dc3.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_oobe_1bf24c07bb30ce37.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_nl-nl_af7192185df1e48f.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_fac29f16fb5be78a.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_networklist_icons_0ad2dfa4d19a0c98.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_nb-no_af7199325df1d8da.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_migration_bdcfa47e8790e0c4.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_lv-lv_aba4b47863a5320b.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_lt-lt_aba4b0f463a5371b.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_logfiles_sam_5371e95113e53c10.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_logfiles_lsa_5371ea7113e5392b.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ko-kr_a9be3642667eee9e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ja-jp_a7d7bcd46958a348.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_it-it_a5f14a266c32514d.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imetc_0f296d620e0c52d5.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imetc_applets_4cc083d5c906ff5a.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imejp_0f2986100e0c2dc6.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ime_imejp_applets_73e32571896671cb.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_hu-hu_a40ad44e6f0c022b.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_hr-hr_a40acf086f0c09c3.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_he-il_a40ac5786f0c16bd.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fr-fr_a03ddfd474bf708f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fr-ca_a03dbf8e74bfa0f5.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_fi-fi_a03dd00274bf8757.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_et-ee_9e574f447799499c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_es-mx_9e57737a77991338.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_es-es_9e5769fc7799216d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_en-us_9e576ab077991fe8.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_en-gb_9e574a6a77995043.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_el-gr_9e57691277992211.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_driverstore_9d5a0097549f0abb.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_dism_1bf2381fbb30eb13.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_diagsvcs_1a70cad8fcb82ce4.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_de-de_9c70d9c67a72f843.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_da-dk_9c70e5ba7a72e5e9.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_cs-cz_9a8a88127d4c744a.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_bg-bg_98a3ee16802659ff.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_ar-sa_96bd698c83002208.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_syswow64_applocker_9faecc9d3543428d.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_0307ca33e1cd9708.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_0eb1b891774fd848.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_pris_ac5770c7358d5c72.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_images_34ab29edb02510f2.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_devicesflowui_fonts_f1a73aa6a3f2ec91.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_7ce6d31c57740cd3.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_assets_15857ed2e840b8f6.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_clockflyoutexperience_assets_fonts_3fa5855c97ee0980.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_actioncenter_a731e71e58a2f6a7.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_actioncenter_assets_eb82088be72705a6.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.shellcommon_actioncenter_assets_fonts_279fcd4b2bb48fa2.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingshandlers-nt_7298028ee386990a.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingshandlers-nt_pris_71a69ceed5129daa.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_0b97cbddb6bef8ee.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_6f826ed139dc38ac.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_assets_b04b2dbada91ba13.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_systemsettings_assets_fonts_e1429b15bb7a603f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsappthreshold_pris_c69f4420e8b9ac96.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_80571585edc0bc10.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_a2baca8046478552.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_assets_5ec4ff00d0d98653.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_systemsettingsthresholdadminflowui_assets_45f5e040701cd097.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.settingsadminflowuithreshold_pris_8eb5d62ebc93ca12.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.ui.logon_ed8ece16fb61b4e6.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.data.timezones_d6ed24e35548e087.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_windows.data.timezones_pris_4fe1d707bdf60b69.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_textinput_7145b1667a9c024f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_textinput_pris_c0bd418e6ad3668b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.switcher_5e79548f3d2c4397.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemresources_shellcomponents.switcher_pris_94c471057dd46b83.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_e21c90d9487ed242.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_pris_3818bc2422f945c8.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_shellexperiencehost_cw5n1h2txyewy_assets_7b05f0549cbec22d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cortana_cw5n1h2txyewy_2d6b8920d3f31e0d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_6369fdd3e5ab0989.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.contentdeliverymanager_cw5n1h2txyewy_images_f48d365ca6bf839f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_e92250ef2519d1f6.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_0c3414e5ea9b964c.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_608128e0971fe102.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_views_ab3b53e7951674ac.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_unifiedenrollment_js_c50fa6bbbb7c87b1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_2902e194c40c2d99.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_view_fa144ce8b696a5f6.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_templates_js_30c977d57667d018.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_40a8494b26aff035.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_view_878bf08afd4f7608.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_surfacehubdeviceuser_js_b837e3558be51686.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_47e577bfb89f66ff.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_view_ffe5b70b18357b66.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_media_2e29d64a701c210b.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_js_2be3c432c2ce3ede.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_scoobe_js_common_5c49fd1a5570d1f3.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_d9ae0f7fd2cccc94.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_view_a30cd40228c98533.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusivesspr_js_04768872769d851d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_d9ae09c5d2ccd3fb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_9d516b3c2e3e1a84.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_view_templat_72e2a4dd8431fbed.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_media_fff1539a1a4e3fb7.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_fed525f87d913b20.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_js_common_9b35fdf5c98f69bb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_inclusiveoobe_css_9d5145ddb46283ae.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_hololensdiagnostics_views_d5eef763b212983a.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_hololensdiagnostics_js_8c1a5a20ff89a7b5.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_82255765359ba571.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_vi_7e71e645381609fd.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_enterprisengcenrollment_js_c58adfa13ec3cacc.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_webapps_antitheft_24a5fefd01d630ef.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_views_f55d581a0acbb522.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_f55759080d09bc14.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_4009_f24be8641cd5eaeb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_1009_f24be8d01cd5e9f8.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c0c_f24bfc161cd5cc82.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c0a_f24bf84a1cd5d234.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0c09_f24be91a1cd5e8fc.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_080a_f24bf8341cd5d297.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0809_f24be9041cd5e95f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0804_f24bdf861cd5f79c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0416_f24be34a1cd5f20f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0411_f24bd9cc1cd6004c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0410_f24bd7e61cd60325.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_040c_f24bfbf81cd5cd09.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0409_f24be8fc1cd5e983.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_speech_0407_f24be5301cd5ef35.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_retaildemo_d6007de2c4449ca2.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_pris_4436110b27fc8d08.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_36e69b3b0e7ecf70.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_js_c3e6a46e6987d93b.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_microsoft.winjs-reduced_css_1f290cb460a43b49.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_media_f54b539a0b1cc81a.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_lib_b0f47f90f3500a51.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_js_91283bc423026fc5.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_images_f5434c400d60dd7c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_fonts_f53d61bc0b5bbe04.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_data_4436285d27fc685e.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_data_prod_c85cee3a7af640ef.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_css_b0f49fc4f34fda43.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_443623ff27fc6f6b.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_view_c303ad0c866a9c46.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_js_2a738435bdbe8f70.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.windows.cloudexperiencehost_cw5n1h2txyewy_core_js_applaunchers_de40849bf361043c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_9e9a8bf16c9ce6fb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_pris_54732ccdf1f56e95.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_31c45221d4cb849d.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_a8f01f5afa26d7fe.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_hubgraphs_1e54f4890cd85af2.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_cpuusage_1243fe54b3c33ef5.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_js_controls_1157de3cb46e4242.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_visualprofiler_images_b2ea4b46687fb713.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_storage_7a1e52c1c21a9b31.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_storage_remote_11ebffa9da3fca1d.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_storage_images_1340465dd71e167d.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_serviceworker_a9f39a038cc3b7a3.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_serviceworker_remote_55dc7b5801fb6335.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_serviceworker_images_6510545beb249a55.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_7a244bd9946463d6.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_storage_f70892c1f75cfbcb.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_serviceworker_353d4d6caf0180b1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_network_efaedd2e00b02226.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_memoryanalyzer_501acfeebbf2699d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_emulation_591aa5980a836822.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_remote_console_d9535ed0236baa7f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_pluginhost_7855451f8cc6d5e5.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_7ab47f47c1114fce.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_images_157c8fe3c2302ad8.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_common_1658cff9c037a11d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_network_common_external_7f92c7900210e5ac.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_memoryanalyzer_de20a234bbe7c54f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_memoryanalyzer_images_b1ecedba4965354b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_header_7b8c91c59139b693.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_header_remote_0db396303ddca9c5.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_header_images_fb78fc5c5a0cc765.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_frontend_739b19554a8c20f2.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_frontend_host_api_data_ed750ad946fce5e8.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_f12host_7bac9fd7bf1afefb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_emulation_fababcde97c7d402.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_elements_71ccc64b4d409b7d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_f226e3a6fa163210.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_768f421567e95a56.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_winningview_ed97ab3258420ac1.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_styleview_88bd78c42d6d2ad0.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_styles_changesview_3db702d077f4d0ac.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_images_77e98dbd64fdb0a6.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_dom_domtree_78a1d1c302cf8918.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_81168649365dfec5.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_watches_1bb8fcf67725ae40.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_watches_images_df31852dca1c5088.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_remote_11c812e70631185f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_languageservice_32e32ad1556f94fc.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_languageservice_images_1b734cca58996f4e.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_images_11b5f8b3068a4e7f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_cursor_11aa146906c830c9.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_cursor_images_ba8eeae0d1df5481.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_callstack_633aff4012f6a965.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_callstack_images_9306b1fde7cddd57.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_breakpoints_af355a13795264e7.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_debugger_breakpoints_images_4880219d231e1c07.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_console_7c54de03bd35687d.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_7c54d2a38f4a267b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_tabcontrol_f71334f0c01c2e5f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_slickgrid_03235f7c2ba7bcf3.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_slickgrid_plugins_58362696fb879581.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_resourcesview_cb7043508efcf9d9.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_remote_86e6a9426c617031.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_perftools_4757a4fe44691a93.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_perftools_images_a51757acdeb17b07.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_perftools_controls_ca0aefc3c1cf16ed.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_objectview_212bfb620eb6c4fb.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_81919faf0ad34c24.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_836d0bedf622f96e.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_039e33851d5947ad.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_ec5dc157ad6c2803.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_95fdc9aeaaab6af6.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_b3bb6a206b246432.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_b3bb6b0a6b24624b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_cfd626ca1b2d84ad.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_cfd623421b2d89d0.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_lan_eebfb637d5a00776.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_edi_78ddde63e2dab0fa.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_f2dc8cf7872a49df.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_53a9eb248d463f89.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_7aeda93bec9377b0.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_monaco-editor_min_vs_bas_b1551e46af82ed02.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_modelview_68ab429493cd05f1.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_jquery_76027b9686fc0651.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_intellisense_721db7d304085d2e.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_images_74ac0f6e88918dd1.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_images_colorpicker_e8c4095bbb47dc9c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_grid_6c4c834909422a5d.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_c8a6147a8388b7fb.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_typescript_13617520d76f3fac.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_html_64972c0dbcaefc6e.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_formatter_css_7581a4e8169f757e.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_external_25adc88278dc605c.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_editor_6e5693f2911e8b00.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_dommutations_bcd1772e3aeea97b.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_dommutations_images_ba4ff6f874a9edb1.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_controls_231926087bfb24b3.cdf-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe_23_common_controls_listcontrol_eef1e9f6cc02fe9c.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_43d095bdcce4e130.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_pris_4719a634d2c04eec.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_en-us_assets_offlinetabs_d9769c7922380476.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_en-us_assets_errorpages_9b00dcea3e56c3f5.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_en-us_assets_applicationguard_fd7778a67cb80f70.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_f8075bc7ad02362b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_webnotes_febc6b7abccb2874.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_readingview_e64e82231b0e5fce.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_readingview_css_3066d24b0856bea1.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_persona_4fd2132d4ad15439.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_offlinetabs_7d551ad6791e5fc2.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_offlinetabs_offlinetabs_files_606f2d436ca9f85f.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_pinjsapi_85e7afd298d161a3.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_pinjsapi_content_bce4d61c88fff4ac.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_learningtools_25cb263578b00eec.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_dcb3be839f31d5cd.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_prefill_578958a487bb2d19.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_document_3a04a7fa7c0c1008.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_hostextensions_autoformfill_content_5091a4e29314f3d6.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_fonts_206f147a74e786c9.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_errorpages_73ec08ffb6105e23.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_dictionary_0a4f3c3a52411629.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_contextmenu_6a54d142fb74801d.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_bookviewer_990e8d61fcad5c14.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_bookviewer_js_78c5ff49aa9e261b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_bookviewer_css_38b1881b8abcd7a5.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_booklibrary_3e904335483f7fff.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.microsoftedge_8wekyb3d8bbwe_assets_applicationguard_8359e7f74deb583c.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_d48a5fb790740a92.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_pris_8c9cc4e4b2c16ab2.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_css_af32787f971fc4dd.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_microsoft.aad.brokerplugin_cw5n1h2txyewy_assets_4318eb5d347aa2b1.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_inputapp_cw5n1h2txyewy_9df2da13dd3956d1.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_inputapp_cw5n1h2txyewy_assets_154aa123a347aa26.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_systemapps_inputapp_cw5n1h2txyewy_assets_fonts_e8459e44c2b9b728.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winevt_39519e6af36cf6a7.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winevt_logs_2ccd04a261f738ce.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_a349059b05097caa.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_provisioning_59992d8d97512395.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netswitchteam_c23a4af35d296eac.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netlbfo_dfa61a2ec6bf8e00.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_netconnection_bcd4e6858fe3adb5.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.archive_3b7bfef9dd2baedf.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_microsoft.powershell.archive_en-us_ab4c72f96117094f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_configci_b363508fc8c99bc6.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_windowspowershell_v1.0_modules_branchcache_a320bc68371dfd82.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:24 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbioplugins_071a28c5b510fb6a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_winbiodatabase_8ca29eba075c22c3.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_5f1dd67a5a1ae70e.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_b7abd682baafefc2.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_a67c0a7b7fef87b3.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_taskscheduler_2a138755a33c530b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_tasks_microsoft_windows_remoteapp_and_desktop_connections_update_c0beaecbfc21a5e1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sru_066563e7d047bae2.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sr-latn-rs_36d1e04b1e65a349.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professionalworkstation_7ab478a3d1f596f9.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_professional_a933d9880344b1b8.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_enterprise_bc64f038d2d7a6d4.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_education_eb248cb951678951.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_skus_csvlk-pack_7cc2fe5a710dd58a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_ppdlic_0f09ba294211a24b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_tokens_pkeyconfig_d8fc0830c525895a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_store_2.0_774a618ff1521716.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spp_plugin-manifests-signed_d1e9d31c180bebd2.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_servers_02b04ba79d79f697.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_printers_420476df024372d2.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_spool_drivers_f1780fdbb7b569a2.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_voiceactivation_57f72a0344e2d398.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_engines_tts_1c71ba2a25e2bf02.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_onecore_common_60bf750299e8ab15.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_speech_engines_sr_f5f77fb9283237d8.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ru-ru_5b50e7f65fce4fdb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ro-ro_5b50dd6a5fce5f0b.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pt-br_5783f3346581bed3.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_printing_admin_scripts_en-us_f242a041737eb912.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_029a48465a9cac56.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_networklist_icons_2b49083c03963dec.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_2650d8d30fee1fe9.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_174c7b92bb7d581f.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_windowssearchengine_145004789b880a4a.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-shmig_9ef85dcb89d16c58.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_replacementmanifests_microsoft-windows-mup_6effbe5ec5d3b4ea.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_f1386c432966667b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-wmi-core_0fa6ec0ad029fddb.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-msmq-messagingcoreservice_a2ca72db0bdebee3.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migwiz_dlmanifests_microsoft-windows-iis-dl_8822f736d253acda.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_lt-lt_4fea189870e886c7.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_sam_5b4992809d2e7248.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_firewall_488be49cc4415d55.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_logfiles_cloudfiles_4f1ca5d4f4bf5aad.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ko-kr_4e039de673c23e4a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_inputmethod_chs_f1e99f17c8c32153.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imetc_e3d3eac2a148ee29.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imetc_applets_6d36ac75fb0330ae.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imejp_e3d40370a148c91a.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ime_imejp_applets_94594e11bb62a31f.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fr-ca_448327328202f0a1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_es-mx_429cdb1e84dc62e4.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_en-gb_429cb20e84dc9fef.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_el-gr_429cd0b684dc71bd.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_driverstore_a531a9c6b3dfcf87.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_drivers_en-us_4bb913fc5eb96bcf.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_dism_066548addf2fbd4b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_diagsvcs_dd4fddd4aaa5e8ac.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_de-de_40b6416a87b647ef.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_da-dk_40b64d5e87b63595.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_codeintegrity_e9af9308cfc26dc2.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_boot_06654401df2fc50e.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appv_066541f9df2fc831.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_appraiser_59bebec9f06db09b.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_applocker_745949fdc87fdde1.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_86042ecd14dccb9c.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_85d79caefa9ac893.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_tts_8edca57574a98a4e.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_speech_onecore_engines_tts_en-us_f904ad554a6fa916.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_shellexperiences_2912c63bd045ac45.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_shellcomponents_dea969d8d78d1fee.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_9f2c881475a483d6.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_tsworkspace_8eac79c1e59127ee.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_codeintegrity_28b32c0f4161f4ca.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_schemas_codeintegrity_examplepolicies_83fa074d09c5bf54.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cc9458acec1840ff.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_packages_e07c8f8a91f541c4.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_b2feb78251a8a259.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_provisioning_cosa_microsoft_77338a94bd8669dd.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_prefetch_1688e4e8b2f89473.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_livekernelreports_13126bbee8c1252a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_installer_0d1280e2e633dc00.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_wsearchidxpi_a2c41dc1731a4204.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_wsearchidxpi_0000_2e6e3f1caf9fca20.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugthrsvc_9c5b081f28f83f11.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugthrsvc_0000_8451c300df70be5f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugatherer_9f1f9c5b6cd50d98.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_ugatherer_0000_046b5203f9ca3f14.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_termservice_f0fb244350031192.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_termservice_0000_f96d5ce56bc76fc8.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_pnrpsvc_3932681b8fb41c9d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_inf_pnrpsvc_0000_43733b07fe2eb83f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_1e6ccf0e6a91b570.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_pris_a05890fcf353f1d8.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_immersivecontrolpanel_images_2e6232377292b2dc.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imetc_0d348c40e45e62ef.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imetc_help_7cd8fd160d71b81c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_ime_imetc_dicts_b6bb60758b345dca.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_0fc22903a221b67f.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_time_zone_08f498d155d3913e.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_globalization_icu_0b932b2a9cc9f858.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_containers_serviced_07c9b2b35f82b615.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_40104b85a18bfcb2.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_0f8924c0debe64e4.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_qps-plocm_a218927645e9595a.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_pcat_qps-ploc_109d95b40d3e11cb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_misc_pcat_6b00b12988eafd38.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_efi_0f890f82be247f42.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_de3c4ceb52549e1c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_boot_dvd_efi_en-us_8245c3aed97c0844.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_bcastdvr_fab1ebc0dbf2dacb.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appreadiness_b6ba89081e320d85.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_en-us_098dc872781aebb9.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_customsdb_3bf1ff155493adb9.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_custom_2adff76bea4847ec.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_apppatch_custom_custom64_12107ab6726c35e5.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_programs_99c7f419bd54f4ca.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_appraiser_33781004733ffeee.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_8c076a3be22985a1.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_videos_20f7329ef941f593.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_pictures_f5e7b0c0fda4db8c.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_music_8c1f3dc399e79184.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_libraries_de6591322faedac0.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_downloads_631cc37cff593fe6.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_documents_70461e22eba239ef.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_public_desktop_2377dac7383055bd.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_73615b64075aa65f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_videos_4078dfd58aff2cd5.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_saved_games_57aaea1c026aa551.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_pictures_209185c2b71537e4.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_music_4066f7392302d756.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_links_4064ed15230be7d0.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_favorites_d09a481c8ccc2a28.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_downloads_d0a063ac92c2c070.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_documents_a9a4e48ccdf32dcf.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_desktop_39aa59e1159d1203.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_33f0d5f51e505ec2.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_482f0bdd00d1643d.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_b898cfd29d5951f1.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_4793cab2f72cc262.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_templates_9327e87141b4e78f.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_start_menu_5eb528778fd8d821.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_sendto_cc2b2363b7303311.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_recent_ca449f9bba09f987.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_windows_network_shortcuts_cbcbd4ac7028a985.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_roaming_microsoft_internet_explorer_quick_launch_c0ec1d6b06e5808b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_bc5dd6ae41aaaeeb.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_temp_3274946c96022019.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_3433db0fbe07ab7f.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_9e28651fd972d480.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcookies_706c818672b5499f.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_inetcache_93b6f38324ca2118.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_history_f4337fe0129e212c.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\users_default_appdata_local_microsoft_windows_gameexplorer_5a14824a005868dd.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_softwaredistribution_ae0bdc9bb1bbdfab.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_fe5c6d762edd2110.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_ef9cc294168a8b97.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_logs_d0133fe6679072ac.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_security_health_health_advisor_caf4bd491726b327.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_827f103853495477.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_trace_948df0f7e3c42652.cdf-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_temp_7268e2d9fd6b25f5.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_cyber_946bea51e45d4954.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_advanced_threat_protection_cache_946bebb1e45d47cb.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_8c225bc560faa67e.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_network_inspection_system_support_26123edb7728e22a.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_defender_definition_updates_d3c2d4757cf0b9a3.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_cae2264614449191.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wfp_1409fc168e700932.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_temp_783673b09e921b6b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportqueue_9ca35f30fc68b178.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_wer_reportarchive_5449504010b82c41.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_templates_15e72976404301fc.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_fde55420546edfe6.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_d672ba09d81e87ff.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_start_menu_programs_startup_b13751030220a596.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_packagedeventproviders_c79719361ec06661.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_gameexplorer_eb83b477ca9834cc.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_devicemetadatastore_2e1ff34936d2e8e5.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_debc96072b71b0d5.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_install_149a5029c4c64782.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_import_865699c21a2ad5a2.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_genuineticket_d7322dcf4073011e.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_clipsvc_archive_f622c70ff2ada08b.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_3e49394d38e6ac94.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_packages_711aa2dd7039ca9d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_windows_apprepository_families_5e2e105f8c5e974e.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_storage_health_9e678c58bd8432a1.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_speech_onecore_587c58cfbeda0062.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_929be8282aecbf17.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_assetcache_8fbe865af4949dd7.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_provisioning_assetcache_cellularux_843105bb528cd98c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_mapdata_ce9aee460ee372ae.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_windowsanalytics_426faf4e30e982be.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_timetraveldebuggingstorage_1ae763553e336791.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_tenantstorage_1bbb9d3dba9fb526.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_softlandingstage_70419bf36c6a48e6.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_softlanding_4cba8d6220265950.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_scripts_1ccc196fc5f94e61.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_scenariossqlstore_fcb58a8e2d968cbb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_offlinesettings_3d82d09728c650a9.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_eventtranscript_e5c902fe71986f37.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_etllogs_scenarioshutdownlogger_f2836e137ebe0975.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_customtraceprofiles_90d388772cf90ca3.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\programdata_microsoft_appv_setup_c6b9e738c86ef84a.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86__676bbe2c7241b694.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_internet_explorer_cafab575245eacb0.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_dfa3680ec228c528.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_681b9383b994c86d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_x86_common_files_system_ado_32a3d3ab7409acd3.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_f5785c4ea515f92d.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_f73a958359531e4e.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_psreadline_378a5f77b9ba7615.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowspowershell_modules_psreadline_2.0.0_b9c755442ddd82eb.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_8909e9aceeb80d44.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windowsapps_deleted_382e0caddd5f5e75.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_096829c909d5eb56.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_advanced_threat_protection_en-us_a6e2e55771ed49c8.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_windows_defender_3e33901162166ae9.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_b13078daf1286f60.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_system_ado_149a784bc852a2c0.cdf-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\program_files_common_files_microsoft_shared_ink_3c86e3db0b3b254c.cdf-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$recycle.bin.cdf-ms Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: ? New Security Descriptor: S:ARAI(AU;SAFA;0x1f0116;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\system\ado\msado15.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\system\ado\msadomd.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Common Files\system\ado\msadox.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\internet explorer\iediagcmd.exe Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\internet explorer\IEShims.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\internet explorer\iexplore.exe Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender\NisSrv.exe Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseMirror.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe Handle ID: 0x6c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files\Windows Defender Advanced Threat Protection\en-US\MsSense.exe.mui Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)(AU;IDSAFA;0x1000000;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\system\ado\msado15.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\system\ado\msadomd.dll Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Common Files\system\ado\msadox.dll Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Internet Explorer\IEShims.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\explorer.exe Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\splwow64.exe Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\AcRes.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\drvmain.sdb Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\sysmain.sdb Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\apppatch\en-US\AcRes.dll.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\bcastdvr\KnownGameList.bin Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys.bin Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\DVD\EFI\en-US\efisys_noprompt.bin Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\qps-ploc\bootmgr.exe.mui Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Boot\PCAT\qps-plocm\bootmgr.exe.mui Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\msgothic.ttc Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\StaticCache.dat Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\YuGothB.ttc Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\YuGothL.ttc Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\YuGothM.ttc Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Fonts\YuGothR.ttc Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\icudtl.dat Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\metaZones.res Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\timezoneTypes.res Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\windowsZones.res Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\ICU\zoneinfo64.res Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezoneMapping.xml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\timezones.xml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Globalization\Time Zone\tzautoupdate.dat Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\INF\apps.inf Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\MDM.admx Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\WCM.admx Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\ControlPanelDisplay.adml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\MDM.adml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\TextInput.adml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\VolumeEncryption.adml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\WCM.adml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\PolicyDefinitions\en-US\WindowsUpdate.adml Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Desktop-Provisioning-Sequence.dat Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Microsoft-Desktop-Provisioning.dat Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Cosa\Microsoft\Microsoft.Windows.Cosa.Desktop.Client.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Control.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.CPU.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Display.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.MBB.ppkg Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.StandbyActivation.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Storage.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Telemetry.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\Provisioning\Packages\Power.EnergyEstimationEngine.Wifi.ppkg Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellComponents\TaskFlowUI.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellComponents\WindowsInternal.ComposableShell.Experiences.Switcher.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\ClockFlyoutExperience.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\DevicesFlowUI.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\MtcUvc.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\NetworkUX.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\PeopleCommonControls.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\ShellExperiences\Windows.UI.ActionCenter.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aadcloudap.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcGenral.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AcLayers.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\acmigration.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ActiveSyncCsp.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aeinv.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aepic.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\aitstatic.exe Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\APMon.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\apphelp.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplySettingsTemplateCatalog.exe Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ApplyTrustOffline.exe Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppReadiness.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppResolver.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntStreamingManager.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntSubsystemController.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntSubsystems64.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVEntVirtualization.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVIntegration.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVPublishing.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVReporting.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppVScripting.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxAllUserStore.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentClient.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.desktop.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentExtensions.onecore.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppXDeploymentServer.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxPackaging.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AppxSysprep.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessManager.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\assignedaccessmanagersvc.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AssignedAccessRuntime.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiodg.exe Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioEndpointBuilder.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioEng.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioSes.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\audiosrv.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AudioSrvPolicyManager.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AxInstSv.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\AzureSettingSyncProvider.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcastdvruserservice.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcdedit.exe Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bcryptprimitives.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdechangepin.exe Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bdesvc.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingASDS.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingFilterDS.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingMaps.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BingOnlineServices.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BioCredProv.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BioIso.exe Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\bisrv.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BitLockerCsp.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\browser_broker.exe Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\browserbroker.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\BTAGService.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CapabilityAccessManager.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdp.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdprt.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpsvc.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cdpusersvc.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakra.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Chakradiag.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ClipSVC.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cloudAP.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\clusapi.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmd.exe Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cmintegrator.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\combase.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompatTelRunner.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompMgmtLauncher.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompPkgSrv.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CompPkgSup.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\computecore.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\computestorage.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\configmanager2.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\conhost.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\consent.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\container.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ContentDeliveryManager.Utilities.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CredentialMigrationHandler.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credprovhost.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\credui.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptdll.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cryptngc.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscapi.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscdll.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscobj.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\cscsvc.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\CXHProvisioningServer.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\d3d10warp.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\D3D12.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dataclen.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataStoreCacheDumpTool.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataUsageHandlers.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DataUsageLiveTileTask.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\daxexec.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dcntel.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dcomp.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DDDS.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DesktopSwitcherDataModel.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceCensus.exe Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DeviceEnroller.exe Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\devinv.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dhcpcore6.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagnosticLogCSP.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\diagtrack.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\discan.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DisplayManager.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenrollengine.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmenterprisediagnostics.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DMPushRouterCore.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dmvdsitf.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsapi.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dnsrslvr.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DolbyDecMFT.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DolbyHrtfEnc.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DolbyMATEnc.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\domgmt.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dosvc.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth1.bin Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth2.bin Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth3.bin Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth4.bin Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth5.bin Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth6.bin Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth7.bin Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DrtmAuth8.bin Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvinst.exe Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvsetup.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drvstore.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dsound.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dssvc.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dusmsvc.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dwmcore.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DWrite.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DWWIN.EXE Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\dxdiag.exe Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EASPolicyManagerBrokerHost.exe Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EdgeContent.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgehtml.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgehtmlpluginpolicy.bin Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\edgeIso.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EdgeManager.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EduPrintProv.exe Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\efscore.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\EnterpriseAppMgmtSvc.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\enterprisecsps.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:25 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\esent.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\esentutl.exe Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\facecredentialprovider.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Faultrep.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fcon.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FilterDS.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FirewallAPI.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FntCache.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontdrvhost.exe Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fontsub.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FrameServer.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\FSClient.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fsutil.exe Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapi.dll Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveapibase.dll Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvecpl.dll Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fveui.dll Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\fvewiz.dll Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gdi32.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gdi32full.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\GdiPlus.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\generaltel.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hhctrl.ocx Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hlink.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HologramCompositor.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HologramWorld.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HoloSI.PCShell.dll Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\HttpsDataSource.dll Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvax64.exe Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvix64.exe Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\hvloader.dll Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Hydrogen.dll Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\icuin.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ie4uinit.exe Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iedkcs32.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieframe.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ieproxy.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\iertutil.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ImplatSetup.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\inetcpl.cpl Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputHost.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputService.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputSwitch.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InstallService.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\invagent.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IPHLPAPI.DLL Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ISM.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\itss.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\JpMapControl.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\JpnServiceDS.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript9.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\jscript9diag.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kdnet.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KdsCli.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kerberos.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\kernel32.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\KernelBase.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LanguageComponentsInstaller.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicensingUI.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LicensingWinRT.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\locale.nls Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\localspl.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\LockAppBroker.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpasvc.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\lpkinstall.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapConfiguration.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapControlCore.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapGeocoder.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapRouter.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MapsStore.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApi.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MbaeApiPublic.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MBR2GPT.EXE Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mcbuilder.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MDMAgent.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MdmDiagnostics.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MdmDiagnosticsTool.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmmigrator.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mdmregistration.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mf.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mf3216.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfasfsrcsnk.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfc42.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfc42u.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfcore.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfh264enc.dll Handle ID: 0x88 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MFMediaEngine.dll Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmp4srcsnk.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfmpeg2srcsnk.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfps.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfreadwrite.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mfsvr.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Bluetooth.Service.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.AppAgent.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.Common.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.CommonBridge.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.ModernAppAgent.dll Handle ID: 0x90 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.Office2013CustomActions.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Microsoft.Uev.PrinterCustomActions.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mispace.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MixedReality.Broker.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mmsys.cpl Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\moshostcore.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mpr.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mprddm.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MPSSVC.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSAudDecMFT.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msctf.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msfeeds.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSFlacDecoder.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mshtml.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msi.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msiexec.exe Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msIso.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msmpeg2vdec.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssprxy.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mssrch.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstsc.exe Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mstscax.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msv1_0.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcp_win.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvcrt.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MSVidCtl.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msvproc.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\mswsock.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml3.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\msxml6.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MTF.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\musdialoghandlers.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotification.exe Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotificationUx.exe Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusNotifyIcon.exe Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\MusUpdateHandlers.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NcaSvc.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncryptprov.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ncsi.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\negoexts.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netiohlp.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netlogon.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\netprofmsvc.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupApi.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupEngine.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupShim.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetSetupSvc.dll Handle ID: 0xa4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nettrace.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NetworkMobileSettings.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NgcCtnrSvc.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcpopkeysrv.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngcsvc.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ngctasks.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nlahc.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nltest.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\notepad.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationController.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\NotificationControllerPS.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\npmproxy.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nshhttp.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nshwfp.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\nslookup.exe Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntlanman.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ntshrui.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\objsel.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\offreg.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ole32.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleaut32.dll Handle ID: 0xb8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oleprn.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\omadmclient.exe Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneCoreUAPCommonProxyStub.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\OneDriveSettingSyncProvider.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pcasvc.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDist.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistCacheProvider.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistCleaner.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistSh.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistSvc.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PeerDistWSDDiscoProv.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfproc.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\perfts.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\phoneactivate.exe Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pidgenx.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pkeyhelper.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PktMon.exe Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\pku2u.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PlayToManager.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\policymanager.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profext.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\profsvc.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\propsys.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\PsmServiceExtHost.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ptpprov.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\QuietHours.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RADCUI.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasapi32.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rascustom.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasman.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasmans.dll Handle ID: 0xa0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rasppp.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rastls.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpbase.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpclip.exe Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpcore.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpcorets.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpinit.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpnano.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpserverbase.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpshell.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rdpudd.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RDSPnf.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ReAgent.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\refsutil.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\reseteng.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngine.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResetEngOnline.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ResourceMapper.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\resutils.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rfxvmt.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RjvMDMConfig.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RMapi.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\RpcPing.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcrt4.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\rpcss.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\samsrv.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schannel.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\schedsvc.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SDDS.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SearchIndexer.exe Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecConfig.efi Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecureBioSysprep.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecureTimeAggregator.dll Handle ID: 0xbc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthAgent.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SecurityHealthService.exe Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SensorService.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsEnvironment.Desktop.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Language.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_Notifications.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_nt.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingsHandlers_PCDisplay.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSyncCore.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SettingSyncHost.exe Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupapi.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\setupcln.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SgrmBroker.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SharedPCCSP.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SharedRealitySvc.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ShareHost.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\shell32.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SIHClient.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slcext.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\slui.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SmartcardCredentialProvider.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smartscreen.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smartscreenps.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\smbwmiv2.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SndVolSSO.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpaceAgent.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spacebridge.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpaceControl.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spaceman.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SpatialAudioLicenseSrv.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spoolsv.exe Handle ID: 0xd4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spopk.dll Handle ID: 0xd4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppc.dll Handle ID: 0xd4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppcext.dll Handle ID: 0xd4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppcommdlg.dll Handle ID: 0xd4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppobjs.dll Handle ID: 0xd4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppsvc.exe Handle ID: 0xd4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sppwinob.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SRH.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srpapi.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srumsvc.dll Handle ID: 0xdc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\srvsvc.dll Handle ID: 0xdc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StartTileData.dll Handle ID: 0xdc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StateRepository.Core.dll Handle ID: 0xe4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\storagewmi.dll Handle ID: 0xe4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\storewuauth.dll Handle ID: 0xe4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StorSvc.dll Handle ID: 0xe8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\StructuredQuery.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\sysmain.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\systemreset.exe Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsAdminFlows.exe Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\SystemSettingsThresholdAdminFlowUI.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\t2embed.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskcomp.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TaskFlowDataEngine.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\taskhostw.exe Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tdh.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TDLMigration.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tellib.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\termsrv.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tetheringservice.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\thumbcache.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TileDataRepository.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBroker.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TokenBrokerUI.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TpmTasks.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tquery.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\TSWorkspace.dll Handle ID: 0xe4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ttdrecordcpu.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ttdwriter.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinapi.appcore.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.dll Handle ID: 0xec Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\twinui.pcshell.dll Handle ID: 0xdc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\tzres.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ucrtbase.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ucrtbase_enclave.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uDWM.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UevAppMonitor.exe Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\umpo-overrides.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Unistore.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UpdateAgent.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatehandlers.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\updatepolicy.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UpgradeResultsUI.exe Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\upshared.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uReFS.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\urlmon.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UserDataTimeUtil.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\userenv.dll Handle ID: 0xd8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usermgr.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usoapi.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\UsoClient.exe Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\usocore.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uwfcfgmgmt.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vbscript.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vdsbas.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vpnike.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\vssapi.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\VSSVC.exe Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\w32time.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\w32tm.exe Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicAgent.exe Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicCapsule.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WaaSMedicSvc.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbiosrvc.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wc_storage.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcimage.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wcmsvc.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wdigest.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\webplatstorageserver.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WebRuntimeManager.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wer.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werconcpl.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wercplsupport.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerFault.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WerFaultSecure.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wermgr.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wersvc.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\werui.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtapi.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wevtsvc.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WiFiCloudStore.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wimgapi.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wimserv.exe Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32appinventorycsp.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32k.sys Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kbase.sys Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\win32kfull.sys Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winbio.dll Handle ID: 0xc4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:26 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wincredui.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.AI.MachineLearning.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.CloudStore.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Cortana.OneCore.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Data.Activities.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Data.Pdf.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Enumeration.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.LowLevel.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Picker.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.Radios.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Devices.SerialCommunication.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Globalization.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Graphics.Printing.Workflow.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Management.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Internal.Shell.Broker.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.internal.shellcommon.shareexperience.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.BackgroundMediaPlayback.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.dll Handle ID: 0xc8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Playback.BackgroundMediaPlayer.dll Handle ID: 0xc8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Playback.MediaPlayer.dll Handle ID: 0xc8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Media.Protection.PlayReady.dll Handle ID: 0xc8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Connectivity.dll Handle ID: 0xb0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Networking.Vpn.dll Handle ID: 0xd0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Services.TargetedContent.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.SharedPC.CredentialProvider.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepository.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryBroker.dll Handle ID: 0xac Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryClient.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryCore.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryPS.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.StateRepositoryUpgrade.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Storage.ApplicationData.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\windows.storage.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Core.TextInput.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Immersive.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Input.Inking.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Logon.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.UI.Xaml.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Windows.Web.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winhttp.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wininet.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winquic.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\winspool.drv Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wintrust.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wkssvc.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanapi.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlanmsm.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wlansvc.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Wldap32.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wldp.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMADMOD.DLL Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMADMOE.DLL Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wmicmiplugin.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WMSPDMOE.DLL Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WpAXHolder.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnapps.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpncore.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpnprv.dll Handle ID: 0xc0 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wpx.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WsmSvc.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_fs.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wsp_health.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WSReset.exe Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuapi.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuaueng.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wups2.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuuhext.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wuuhosdeployment.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WWAHost.exe Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wwansvc.dll Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\appraiser.sdb Handle ID: 0xcc Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_Data.ini Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\appraiser\Appraiser_TelemetryRunList.xml Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.efi Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Boot\winload.exe Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.Packaging.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Runtime.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\SetupPlatformProvider.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Dism\TransmogProvider.dll Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\appid.sys Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\bindflt.sys Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\Classpnp.sys Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\cldflt.sys Handle ID: 0x9c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\ClipSp.sys Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\http.sys Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\hvservice.sys Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\MbbCx.sys Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\mpsdrv.sys Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\nwifi.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\PEAuth.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\rdpdr.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srv2.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\srvnet.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\storqosflt.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\wcifs.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\WdiWiFi.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\winquic.sys Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\en-US\srv2.sys.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\NfcCx.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\drivers\UMDF\SensorsCx.dll Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\AppXDeploymentServer.dll.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\dmenterprisediagnostics.dll.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\fcon.dll.mui Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\fsutil.exe.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\ieframe.dll.mui Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\kernel32.dll.mui Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\KernelBase.dll.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\microsoft-windows-kernel-processor-power-events.dll.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\MusUpdateHandlers.dll.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\netiohlp.dll.mui Handle ID: 0x98 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\nshhttp.dll.mui Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\srpapi.dll.mui Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\en-US\tzres.dll.mui Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\IME\IMEJP\applets\imjpskey.DLL Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsEM.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\InputMethod\CHS\ChsPinyinDS.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\AppxUpgradeMigrationPlugin.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\sppmig.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WMIMigrationPlugin.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migration\WsUpgrade.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\csiagent.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migcore.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\migstore.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-msmq-messagingcoreservice\mqmigplugin.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\WMIMigrationPlugin.dll Handle ID: 0xb4 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-AdvertisingId-Replacement.man Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\mup-replacement.man Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\shmig-replacement.man Handle ID: 0x8c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\migwiz\replacementmanifests\Microsoft-Windows-Mup\MupMigPlugin.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\cmisetup.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\SetupCleanupTask.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\UserOOBE.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\win32ui.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\oobe\winsetup.dll Handle ID: 0x94 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\en-US\prncnfg.vbs Handle ID: 0xa8 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\en-US\prnjobs.vbs Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\en-US\prnqctl.vbs Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\SR\spsreng.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech\Engines\SR\srloc.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\common\sapi_onecore.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\Speech_OneCore\Engines\TTS\MSTTSLoc_OneCore.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\plugin-manifests-signed\sppwinob-spp-plugin-manifest-signed.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\pkeyconfig\pkeyconfig-csvlk.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-pl-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-oob-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-phn-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-store-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-pl-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-oob-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-phn-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-store-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-pl-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-oob-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-phn-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-store-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-pl-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-oob-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-phn-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-store-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Retail-1-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Education\Education-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Enterprise\Enterprise-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-2-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-3-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-4-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-5-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-DM-6-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-1-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-2-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-3-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-4-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Retail-5-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\Professional\Professional-Volume-MAK-2-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-DM-1-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-OEM-NONSLP-1-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-1-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-ul-phn-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Retail-2-ul-store-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-GVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-GVLK-1-ul-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-ul-phn-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\spp\tokens\skus\ProfessionalWorkstation\ProfessionalWorkstation-Volume-MAK-1-ul-store-rtm.xrm-ms Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\th-TH\comdlg32.dll.mui Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\uk-UA\comdlg32.dll.mui Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\cimwin32.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\MDMSettingsProv.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\ndisimplatcim.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\NetPeerDistCim.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\netswitchteamcim.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\wbem\wbemcore.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ArchiveResources.psd1 Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Provisioning\provpackageapi.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\zh-CN\comdlg32.dll.mui Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\resources.pri Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AAD.Core.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eData.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eView.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\resources.pri Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\ErrorPages\ErrorPageScripts.js Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\ErrorPages\needhvsi.html Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\en-US\assets\ErrorPages\needhvsi.html Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\pris\resources.en-US.pri Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxBlockMap.xml Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxManifest.xml Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\AppxSignature.p7x Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\MicrosoftAccount.TokenProvider.Core.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\default.js Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\js\hololensWorkAccount.js Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppxBlockMap.xml Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppxManifest.xml Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppxSignature.p7x Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.ActionUriHandlers.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.AppToApp.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Internal.Search.winmd Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Reminders.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Search.winmd Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.SPA.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Sync.Worker.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaSpeechux.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\microsoft.bing.client.graph.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\OnlineServices.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PhonePCVoiceAgents.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PPIVoiceAgents.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ReactiveAgentsCommon.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ReminderActionUriHandlers.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:27 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersShareTargetApp.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\resources.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SAPIBackgroundTask.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SharedVoiceAgents.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\TextEntityExtractorProxy.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\tws.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\VadSharedVoiceAgents.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\VoiceAgentsCommon.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\resources.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\ShellComponents.Switcher\ShellComponents.Switcher.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\TextInput\TextInput.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\Windows.Data.TimeZones.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ar-SA.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.bg-BG.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.cs-CZ.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.da-DK.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.de-DE.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.el-GR.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.en-GB.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.en-US.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.es-ES.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.es-MX.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.et-EE.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.fi-FI.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.fr-CA.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.fr-FR.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.he-IL.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.hr-HR.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.hu-HU.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.it-IT.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ja-JP.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ko-KR.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.lt-LT.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.lv-LV.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.nb-NO.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.nl-NL.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.pl-PL.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.pt-BR.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.pt-PT.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ro-RO.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.ru-RU.pri Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sk-SK.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sl-SI.pri Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sr-Latn-RS.pri Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.sv-SE.pri Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.th-TH.pri Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.tr-TR.pri Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.uk-UA.pri Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.zh-CN.pri Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.Data.TimeZones\pris\Windows.Data.TimeZones.zh-TW.pri Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.Logon\Windows.UI.Logon.pri Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\Windows.UI.SettingsAppThreshold.pri Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.SettingsAppThreshold\SystemSettings\Assets\Fonts\SetMDL2.ttf Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SystemResources\Windows.UI.ShellCommon\Windows.UI.ShellCommon.pri Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcGenral.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AcLayers.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\aepic.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\apphelp.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppResolver.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppVEntSubsystems32.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxAllUserStore.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppXDeploymentClient.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AppxPackaging.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AssignedAccessRuntime.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AudioEng.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AudioSes.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\AzureSettingSyncProvider.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\bcryptprimitives.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BingMaps.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BingOnlineServices.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BioCredProv.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\BitLockerCsp.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdp.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cdprt.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Chakra.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\clusapi.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmd.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cmintegrator.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\combase.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CompPkgSup.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\container.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\CredentialMigrationHandler.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credprovhost.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\credui.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptdll.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cryptngc.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscapi.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscdll.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\cscobj.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\d3d10warp.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\D3D12.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dataclen.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\daxexec.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dcomp.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dhcpcore6.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DisplayManager.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmenrollengine.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dmvdsitf.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dnsapi.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DolbyDecMFT.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drvsetup.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\drvstore.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dsound.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dtdump.exe Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dwmcore.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DWrite.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\DWWIN.EXE Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\dxdiag.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edgehtml.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\edgeIso.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EdgeManager.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\EditionUpgradeManagerObj.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\esent.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\esentutl.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\explorer.exe Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Faultrep.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\FirewallAPI.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontdrvhost.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fontsub.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fsutil.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fveapi.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\fveapibase.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gdi32.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\gdi32full.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\GdiPlus.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hhctrl.ocx Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\hlink.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\icuin.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\icuuc.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iedkcs32.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieframe.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ieproxy.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\iertutil.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\inetcpl.cpl Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputHost.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InputSwitch.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\InstallService.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IPHLPAPI.DLL Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\itss.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\JpMapControl.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\jscript9.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kerberos.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\kernel32.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\KernelBase.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LicensingWinRT.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\LockAppBroker.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapConfiguration.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapGeocoder.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MapRouter.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MbaeApi.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MbaeApiPublic.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mcbuilder.exe Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mdmregistration.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mf3216.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfasfsrcsnk.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfcore.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfh264enc.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MFMediaEngine.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfmp4srcsnk.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfreadwrite.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mfsvr.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.AppAgent.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mispace.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mmsys.cpl Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mpr.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mprddm.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msctf.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msexcl40.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msfeeds.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSFlacDecoder.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mshtml.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msi.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msiexec.exe Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msIso.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msjet40.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msltus40.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msmpeg2vdec.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mspbde40.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msrd2x40.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msrd3x40.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mssrch.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstsc.exe Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mstscax.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msv1_0.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvcrt.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MSVidCtl.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msvproc.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\mswsock.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxbde40.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml3.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\msxml6.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\MTF.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ncryptprov.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\negoexts.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netiohlp.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\netlogon.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupApi.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupEngine.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\NetSetupShim.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\notepad.exe Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\npmproxy.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nshhttp.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nshwfp.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\nslookup.exe Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntlanman.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ntshrui.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\objsel.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\offreg.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ole32.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleaut32.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oleprn.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\olepro32.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PeerDist.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PeerDistSh.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfproc.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\perfts.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\pidgenx.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\PlayToManager.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\policymanager.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\profext.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\propsys.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RADCUI.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasapi32.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasman.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rasppp.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rastls.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpbase.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpcore.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rdpserverbase.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ReAgent.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\resutils.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rfxvmt.dll Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\RpcPing.exe Handle ID: 0x78 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\rpcrt4.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\schannel.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchIndexer.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SearchProtocolHost.exe Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSyncCore.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SettingSyncHost.exe Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupapi.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\setupcln.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ShareHost.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\shell32.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\slcext.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\smartscreenps.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SndVolSSO.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spacebridge.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\SpatialAudioLicenseSrv.exe Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spopk.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\sppcext.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srpapi.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\srumsvc.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StateRepository.Core.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\storagewmi.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\StructuredQuery.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\t2embed.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\taskcomp.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tdh.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\thumbcache.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TileDataRepository.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBroker.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TokenBrokerUI.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tquery.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\TSWorkspace.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ttdrecordcpu.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ttdwriter.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinapi.appcore.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\twinui.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\tzres.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\ucrtbase.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Unistore.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\updatepolicy.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\uReFS.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\urlmon.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\UserDataTimeUtil.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\userenv.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\usoapi.dll Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vbscript.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\vssapi.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\w32tm.exe Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\webplatstorageserver.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wer.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerFault.exe Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WerFaultSecure.exe Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wermgr.exe Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\werui.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wevtapi.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wimgapi.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\win32kfull.sys Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winbio.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wincredui.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Data.Pdf.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:28 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Picker.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.Radios.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Globalization.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Internal.Management.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Networking.Vpn.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepository.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\windows.storage.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Immersive.dll Handle ID: 0x80 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.UI.Xaml.dll Handle ID: 0x74 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Windows.Web.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winhttp.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wininet.dll Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\winspool.drv Handle ID: 0x60 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wintrust.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wlanapi.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Wldap32.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wldp.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMADMOD.DLL Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMADMOE.DLL Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WMSPDMOE.DLL Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wpnapps.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WsmSvc.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_fs.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wsp_health.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wuapi.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\wups.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WWAHost.exe Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\SetupPlatformProvider.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Dism\TransmogProvider.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\IME\IMEJP\applets\imjpskey.DLL Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\sppmig.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WMIMigrationPlugin.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\migration\WsUpgrade.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oobe\cmisetup.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\oobe\SetupCleanupTask.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\SR\spsreng.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech\Engines\SR\srloc.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\common\sapi_onecore.dll Handle ID: 0x68 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\MSTTSLoc_OneCore.dll Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\pkeyconfig\pkeyconfig-csvlk.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-pl-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-oob-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-phn-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-1-ul-store-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-oob-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-phn-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-10-ul-store-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-pl-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-oob-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-phn-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-2-ul-store-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-pl-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-oob-rtm.xrm-ms Handle ID: 0x84 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-3-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-oob-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-phn-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-4-ul-store-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-pl-rtm.xrm-ms Handle ID: 0x7c Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-6-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-7-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-8-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-pl-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-oob-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-phn-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-9-ul-store-rtm.xrm-ms Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Provisioning\provpackageapi.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\TextInput\WindowsInternal.ComposableShell.Experiences.TextInput.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\TextInput\WindowsInternal.ComposableShell.Experiences.TextInput.LayoutData.dll Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\14a3f9e824793931d34f7f786a538bbc9ef1f0d6.xml Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\2213703c9c64cc61ba900531652e23c84728d2a2.xml Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 13568 | 2019-08-07 18:35:29 | | Microsoft-Windows-Security-Auditing | 4907: Auditing settings on object were changed. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WaaS\services\ceb497ee0184aaa4681d2fb2ef242a5b8551eea8.xml Handle ID: 0x70 Process Information: Process ID: 0xe94 Process Name: C:\Windows\System32\poqexec.exe Auditing Settings: Original Security Descriptor: S:AINO_ACCESS_CONTROL New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
|
| | Security | Audit Success | 103 | 2019-08-07 18:35:48 | | Microsoft-Windows-Eventlog | 1100: The event logging service has shut down.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:07 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x58 New Process Name: ????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:07 | | Microsoft-Windows-Security-Auditing | 4696: A primary token was assigned to process. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Process Information: Process ID: 0x4 Process Name: ? Target Process: Target Process ID: 0x58 Target Process Name: Registry New Token Information: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x3e7
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:07 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x120 New Process Name: ??????????????-??6?4????0--?0??????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x4 Creator Process Name: ??????? Process Command Line: ????0--?0??????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13573 | 2019-08-07 18:36:07 | | Microsoft-Windows-Security-Auditing | 4826: Boot Configuration Data loaded. Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 General Settings: Load Options: - Advanced Options: %%1843 Configuration Access Policy: %%1846 System Event Logging: %%1843 Kernel Debugging: %%1843 VSM Launch Type: %%1848 Signature Settings: Test Signing: %%1843 Flight Signing: %%1843 Disable Integrity Checks: %%1843 HyperVisor Settings: HyperVisor Load Options: - HyperVisor Launch Type: %%1848 HyperVisor Debugging: %%1843
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:08 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x180 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x120 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1d8 New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x120 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1e0 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1d8 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x230 New Process Name: ??????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x120 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x238 New Process Name: ???????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x1d8 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x240 New Process Name: ??????????????e??? ????????? ???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x230 Creator Process Name: ????????????????????4 Process Command Line: ????0--?0????????????????????4 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:09 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x294 New Process Name: ????????????????-??6??0????0--?0????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x230 Creator Process Name: ????????????????????4? Process Command Line: ????0--?0????????????????????4? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:10 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2a4 New Process Name: ????????????????-??6??8????0--?0???????????????e?????? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 12288 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4608: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 0 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: - New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: ? Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-0 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\wininit.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-0 Account Name: UMFD-0 Account Domain: Font Driver Host Logon ID: 0xc6c5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x238 Process Name: C:\Windows\System32\wininit.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: UMFD-1 Account Domain: Font Driver Host Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x294 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-96-0-1 Account Name: UMFD-1 Account Domain: Font Driver Host Logon ID: 0xc6d9 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x294 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-20 Account Name: NETWORK SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e4 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13312 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4688: A new process has been created. Creator Subject: Security ID: S-1-5-18 Account Name: - Account Domain: - Logon ID: 0x3e7 Target Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d0 New Process Name: ??????????????e??? ????????? ???????????????????????4? Token Elevation Type: %%1936 Mandatory Label: S-1-16-16384 Creator Process ID: 0x238 Creator Process Name: ???????????????e?????? Process Command Line: ????0--?0???????????????e?????? Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
|
| | Security | Audit Success | 13568 | 2019-08-07 18:36:11 | | Microsoft-Windows-Security-Auditing | 4902: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0xc51c
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-1 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x294 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11642 Linked Logon ID: 0x1165e Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x294 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1842 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1165e Linked Logon ID: 0x11642 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x294 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x11642 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-90-0-1 Account Name: DWM-1 Account Domain: Window Manager Logon ID: 0x1165e Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:12 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12292 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 5033: The Windows Firewall Driver started successfully.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:14 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa74 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-20 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e4 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xa74 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xa98 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:36:15 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xa98 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12292 | 2019-08-07 18:36:16 | | Microsoft-Windows-Security-Auditing | 5024: The Windows Firewall service started successfully.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:24 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:24 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:28 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:28 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:29 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:29 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4128 Process Creation Time: 2019-08-07T15:36:30.749019200Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-19 Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3e5 Process Information: Process ID: 4128 Process Creation Time: 2019-08-07T15:36:30.749019200Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-I4VK9ON Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x7d8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Linked Logon ID: 0x61013 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7d8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Linked Logon ID: 0x60fd1 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7d8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 18:36:30 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x4e8 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:31 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x198 Process Name: C:\Windows\System32\LogonUI.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:33 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:33 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13826 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x18a0 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:36:40 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x18a0 Process Name: C:\Windows\System32\SearchIndexer.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:36:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:36:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:52 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:54 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 13824 | 2019-08-07 18:36:55 | | Microsoft-Windows-Security-Auditing | 5379: Credential Manager credentials were read. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Read Operation: %%8100 This event occurs when a user performs a read operation on stored credentials in Credential Manager.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:37:06 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:37:06 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:37:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:37:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:37:17 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:37:17 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12290 | 2019-08-07 18:37:40 | | Microsoft-Windows-Security-Auditing | 5061: Cryptographic operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Cryptographic Operation: Operation: %%2480 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 18:37:40 | | Microsoft-Windows-Security-Auditing | 5058: Key file operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Process Information: Process ID: 4672 Process Creation Time: 2019-08-07T15:36:30.327725700Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNKNOWN Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Key File Operation Information: File Path: C:\Users\user\AppData\Roaming\Microsoft\Crypto\Keys\de7cf8a7901d2ad13e5c67c29e5d1662_88744d6b-c204-4db8-9688-8ba2e3f44c69 Operation: %%2458 Return Code: 0x0
|
| | Security | Audit Success | 12292 | 2019-08-07 18:37:40 | | Microsoft-Windows-Security-Auditing | 5059: Key migration operation. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x61013 Process Information: Process ID: 4672 Process Creation Time: 2019-08-07T15:36:30.327725700Z Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: ECDSA_P256 Key Name: Microsoft Connected Devices Platform device certificate Key Type: %%2500 Additional Information: Operation: %%2464 Return Code: 0x0
|
| | Security | Audit Success | 12544 | 2019-08-07 18:38:01 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:38:01 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:38:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:38:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:38:15 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:38:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:38:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:38:15 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 18:38:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0xf90 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:38:17 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0xf90 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 18:39:13 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:39:13 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:46:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:46:19 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:46:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12548 | 2019-08-07 18:46:19 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:46:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:46:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:46:50 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:46:50 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:51:31 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:51:31 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:20 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:53:20 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Failure | 12544 | 2019-08-07 18:53:26 | | Microsoft-Windows-Security-Auditing | 4625: An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 2 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: user Account Domain: DESKTOP-I4VK9ON Failure Information: Failure Reason: %%2313 Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x7d8 Caller Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:30 | | Microsoft-Windows-Security-Auditing | 4648: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: user Account Domain: DESKTOP-I4VK9ON Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x7d8 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 127.0.0.1 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x1774f4 Linked Logon ID: 0x177511 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7d8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:30 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1843 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x177511 Linked Logon ID: 0x1774f4 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x7d8 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: DESKTOP-I4VK9ON Source Network Address: 127.0.0.1 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12545 | 2019-08-07 18:53:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x177511 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12545 | 2019-08-07 18:53:30 | | Microsoft-Windows-Security-Auditing | 4634: An account was logged off. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x1774f4 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:53:30 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x1774f4 Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:34 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:53:34 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13826 | 2019-08-07 18:53:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x1e20 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:53:36 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x1e20 Process Name: C:\Windows\System32\svchost.exe
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:39 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:53:39 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:42 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:53:42 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:43 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:53:43 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 12544 | 2019-08-07 18:53:46 | | Microsoft-Windows-Security-Auditing | 4624: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: DESKTOP-I4VK9ON$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Information: Logon Type: 5 Restricted Admin Mode: - Virtual Account: %%1843 Elevated Token: %%1842 Impersonation Level: %%1833 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x2a4 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
|
| | Security | Audit Success | 12548 | 2019-08-07 18:53:46 | | Microsoft-Windows-Security-Auditing | 4672: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-500 Account Name: Administrator Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-501 Account Name: Guest Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-503 Account Name: DefaultAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-579 Group Name: Access Control Assistance Operators Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-544 Group Name: Administrators Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-569 Group Name: Cryptographic Operators Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-583 Group Name: Device Owners Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-562 Group Name: Distributed COM Users Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-573 Group Name: Event Log Readers Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-546 Group Name: Guests Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-578 Group Name: Hyper-V Administrators Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-568 Group Name: IIS_IUSRS Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-556 Group Name: Network Configuration Operators Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-559 Group Name: Performance Log Users Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-558 Group Name: Performance Monitor Users Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-547 Group Name: Power Users Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-555 Group Name: Remote Desktop Users Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-580 Group Name: Remote Management Users Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-552 Group Name: Replicator Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-581 Group Name: System Managed Accounts Group Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13826 | 2019-08-07 18:55:22 | | Microsoft-Windows-Security-Auditing | 4799: A security-enabled local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 Group: Security ID: S-1-5-32-545 Group Name: Users Group Domain: Builtin Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-504 Account Name: WDAGUtilityAccount Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | Security | Audit Success | 13824 | 2019-08-07 18:55:23 | | Microsoft-Windows-Security-Auditing | 4798: A user's local group membership was enumerated. Subject: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Logon ID: 0x60fd1 User: Security ID: S-1-5-21-1667190791-3301118636-2800670287-1001 Account Name: user Account Domain: DESKTOP-I4VK9ON Process Information: Process ID: 0x8d8 Process Name: C:\Users\user\Desktop\AIDA64 Extreme_Engineer_Business_Edition_Network Audit 5.99.4900 RePack (&Portable) by TryRooM\AIDA64-Extreme Portable\App\AIDA64Extreme\aida64.exe
|
| | System | Warning | None | 2019-08-07 17:14:40 | LOCAL SERVICE | Microsoft-Windows-Time-Service | 52: The time service has set the time with offset 30835 seconds.
|
| | System | Error | 1 | 2019-08-07 17:38:14 | SYSTEM | Microsoft-Windows-WindowsUpdateClient | 20: Installation Failure: Windows failed to install the following update with error 0x80246007: 9NBLGGH4RV3K-Microsoft.VCLibs.140.00.UWPDesktop.
|
| | System | Error | None | 2019-08-07 17:53:28 | | Service Control Manager | 7023: The Update Orchestrator Service service terminated with the following error: %%2147549471
|
| | System | Error | None | 2019-08-07 17:55:56 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2019-08-07 17:55:56 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2019-08-07 17:55:56 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2019-08-07 18:35:17 | | Service Control Manager | 7023: The Update Orchestrator Service service terminated with the following error: %%2147549471
|
| | System | Error | None | 2019-08-07 18:38:16 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2019-08-07 18:38:16 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|
| | System | Error | None | 2019-08-07 18:38:16 | SYSTEM | DCOM | 10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
|